[AG-TECH] AG security and multicast ?

Gavin W. Burris aka 86 ga5in at psu.edu
Mon Apr 11 09:57:46 CDT 2005 

I think allowing anyone into a secure meeting until you "lock the
door" is a poor security model.  No need to lock the door and be
worried about who you have already let in, because it is really not
that user unfriendly to have an attendee list and add them to a secure
room with the GUI server administration tool.  If you don't do
security properly, it is just another hoop someone has to jump through
to get what you don't want them to have.

Derek Piper wrote (on Mon, 11 Apr 2005 at 08:28):
> 
> 	Something I've been asked about that's security related is about having 
> the ability to 'lock' a room from within the venue client, akin to 
> having a closed and locked door for a real conference room. Then, if the 
> room were set up to encrypt the traffic and people couldn't just 
> 'jump-in' it might make private meetings more attractive to those that 
> have a need for it. Sure you can set up a room with allowing certain 
> certificates, but that's cumbersome to have to do on a per-meeting basis 
> if all you want is something like a bunch of 'conference rooms'. Having 
> to have an operator tailor a room to a particular meeting isn't a very 
> user-friendly way of doing it.
> 	I asked a while ago on the list of a good way to do that and the 
> response was it'd be something I'd have to do myself. If enough people 
> think it's a feature they want, maybe we can convince the AG software 
> writers/maintainers to add functionality?
> 
> 	Derek
> 
> 
> Gavin W. Burris aka 86 wrote:
> > Here are two good resources:
> > http://multicasttech.com/
> > http://multicast.internet2.edu/
> > 
> > I get asked about security more and more now.  People are concerned that
> > their research will be broadcast to anyone with a multicast-enabled
> > network.  VIC and RAT do offer encryption keys, and that is an option
> > to enable with AGTk venue servers.  Rooms can have access based on
> > your globus certificates, too.  And AGTK uses SSL for its
> > client/server connections.
> > 
> > 
> > Would it be feasible to route multicast though a VPN for very secure
> > meetings?  Say, run a VPN server on the same machine that the venue
> > server is on, have clients connect their VPN client to it, and then
> > fire up AG over the encrypted tunnel?
> > 
> > 
> > 
> > Dioselin Gonzalez wrote (on Wed, 6 Apr 2005 at 09:05):
> > 
> >>Hello everybody,
> >>
> >>As part of our distance learning project, we need in-depth technical 
> >>information about security mechanisms and multicast allocation in the 
> >>AG.  Are there any documents or papers about this?
> >>
> >>The team will be doing low-level implementation, so we need  hard-core 
> >>documentation for techies :o)
> >>
> >>Thanks,
> >>
> >>Dio.-
> >>
> > 
> > 
> 
> -- 
> Derek Piper - dcpiper at indiana.edu - (812) 856 0111
> IRI 323, School of Informatics
> Indiana University, Bloomington, Indiana

-- 
Gavin W. Burris aka 86
Senior Systems Programmer
Penn State Visualization Group
http://viz.aset.psu.edu/ga5in

More information about the ag-tech mailing list